﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Data.SqlClient;
using System.Net.Mail;

public partial class RecoverPassword : System.Web.UI.Page
{
    SqlConnection conn;
    SqlCommand cmd;
    SqlDataReader dr;
    protected void Page_Load(object sender, EventArgs e)
    {
        conn = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["connstr"].ConnectionString);
        if (!Page.IsPostBack)
        {
            try
            {
                conn.Open();
                txtUserName.Focus();
            }
            catch (SqlException ex)
            {
                ltMsg.Text = ex.Message;
            }
        }
    }
    protected void btnGetSecurityQues_Command(object sender, CommandEventArgs e)
    {
        if (e.CommandName.Equals("GetUserName"))
        {
            cmd = new SqlCommand("select SecretQuestion from HAT_UserAccounts where UserName=@UName and IsApproved='1'", conn);
            cmd.Parameters.Add("@UName", System.Data.SqlDbType.VarChar).Value = txtUserName.Text;
            try
            {
                conn.Open();
                dr = cmd.ExecuteReader();
                if (dr.HasRows)
                {
                    while (dr.Read())
                    {
                        LoadUserSecurity(dr.GetString(0));
                    }
                    dr.Close();
                }
                else
                {
                    ltMsg.Text = "No Valid UserName found. Please try again";
                    dr.Close();
                }
            }
            catch (SqlException ex)
            {
                ltMsg.Text = ex.Message;
            }
            finally
            {
                conn.Close();
            }
        }
    }
    private void LoadUserSecurity(string SecretQuestion)
    {
        ltSecQues.Visible = true;
        ltSecQues.Text = SecretQuestion;
        txtSecAns.Visible = true;
        btnValidate.Visible = true;
        txtSecAns.Focus();
    }
    protected void btnValidate_Command(object sender, CommandEventArgs e)
    {
        if (e.CommandName.Equals("ValidateSecurityQuestion"))
        {
            cmd = new SqlCommand("select SecretAnswer, Password, EmailAddr, DisplayName from HAT_UserAccounts where UserName=@UName and SecretQuestion=@SecQues and IsApproved='1'", conn);
            cmd.Parameters.Add("@UName", System.Data.SqlDbType.VarChar).Value = txtUserName.Text;
            cmd.Parameters.Add("@SecQues", System.Data.SqlDbType.VarChar).Value = ltSecQues.Text;
            try
            {
                conn.Open();
                dr = cmd.ExecuteReader();
                if (dr.HasRows)
                {
                    while (dr.Read())
                    {
                        if (txtSecAns.Text.Equals(dr.GetString(0)))
                        {
                            EmailRecoveredPassword(dr.GetString(3), txtSecAns.Text, dr.GetString(1), dr.GetString(2));
                        }
                        else
                        {
                            ltMsg.Text = "Invalid Security Answer. Try Again!";
                            txtSecAns.Focus();
                        }
                    }
                    dr.Close();
                }
                else
                    ltMsg.Text = "No Security Question Exists";
            }
            catch (SqlException ex)
            {
                ltMsg.Text = ex.Message;
            }
            finally
            {
                conn.Close();
            }
        }
    }
    private void EmailRecoveredPassword(string DisplayName, string SecAnswer, string CorrectPassword, string eMailAddress)
    {
        Operations.EmailRecoveredPassword(DisplayName, SecAnswer, CorrectPassword, eMailAddress);
        Response.Redirect("~/Login.aspx?Msg=The Recovered Password would be e-mailed to you shortly to the Registered E-Mail Address", false);
    }
}